From 45fbf23758b4b01ffcd9822ae16fba6457f56a6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Gro=C3=9Fmann?= Date: Fri, 28 Jul 2023 23:21:31 +0900 Subject: [PATCH] chore: system update fix: new rekey interface fix: nix-plugin build against newer nix version --- .envrc | 2 +- flake.lock | 75 +++++++++++++++++---------------- flake.nix | 1 + hosts/common/core/system.nix | 2 +- hosts/patricknix/net.nix | 12 +++--- hosts/patricknix/smb-mounts.nix | 4 +- hosts/patricknix/wireguard.nix | 10 ++--- modules/secrets.nix | 8 +--- nix/devshell.nix | 15 +++++++ 9 files changed, 71 insertions(+), 58 deletions(-) diff --git a/.envrc b/.envrc index 3bf99eb..0f1b266 100644 --- a/.envrc +++ b/.envrc @@ -1,2 +1,2 @@ -nix_direnv_watch_file ./nix/dev-shell.nix +nix_direnv_watch_file ./nix/devshell.nix use flake diff --git a/flake.lock b/flake.lock index 36affc7..9098959 100644 --- a/flake.lock +++ b/flake.lock @@ -11,11 +11,11 @@ ] }, "locked": { - "lastModified": 1684153753, - "narHash": "sha256-PVbWt3qrjYAK+T5KplFcO+h7aZWfEj1UtyoKlvcDxh0=", + "lastModified": 1690228878, + "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=", "owner": "ryantm", "repo": "agenix", - "rev": "db5637d10f797bb251b94ef9040b237f4702cde3", + "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792", "type": "github" }, "original": { @@ -31,11 +31,11 @@ ] }, "locked": { - "lastModified": 1684539260, - "narHash": "sha256-lF3+vp2UZwBjzF4pnOKYZrQOCFdnOdtvGmaFIzsaMN4=", + "lastModified": 1687304097, + "narHash": "sha256-VId0oZxpYm4HSHwbsuGKI84zFkL6Gp4wuoJbbl52oZg=", "owner": "oddlama", "repo": "agenix-rekey", - "rev": "e9a2bad33b7b1634af65cbc809fc31776df41fe5", + "rev": "b1811920562ba287b680f35644ce3ed78d029cdf", "type": "github" }, "original": { 
@@ -56,11 +56,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1685163780, - "narHash": "sha256-tMwseHtEFDpO3WKeZKWqrKRAZI6TiEULidxEbzicuFg=", + "lastModified": 1688224393, + "narHash": "sha256-rsAvFNhRFzTF7qyb6WprLFghJnRxMFjvD2e5/dqMp4I=", "owner": "zhaofengli", "repo": "colmena", - "rev": "c61bebae1dc1d57237577080b1ca1e37a3fbcebf", + "rev": "19384f3ee2058c56021e4465a3ec57e84a47d8dd", "type": "github" }, "original": { @@ -101,11 +101,11 @@ ] }, "locked": { - "lastModified": 1683635384, - "narHash": "sha256-9goJTd05yOyD/McaMqZ4BUB8JW+mZMnZQJZ7VQ6C/Lw=", + "lastModified": 1688380630, + "narHash": "sha256-8ilApWVb1mAi4439zS3iFeIT0ODlbrifm/fegWwgHjA=", "owner": "numtide", "repo": "devshell", - "rev": "5143ea68647c4cf5227e4ad2100db6671fc4c369", + "rev": "f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205", "type": "github" }, "original": { @@ -153,11 +153,11 @@ ] }, "locked": { - "lastModified": 1685518550, - "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", "owner": "numtide", "repo": "flake-utils", - "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1685721552, - "narHash": "sha256-ifvq/zlO7lck8q+YkC5uom/h8/MVdMcQEldOL3cDQW0=", + "lastModified": 1690476848, + "narHash": "sha256-PSmzyuEbMxEn2uwwLYUN2l1psoJXb7jm/kfHD12Sq0k=", "owner": "nix-community", "repo": "home-manager", - "rev": "29519461834c08395b35f840811faf8c23e3b61c", + "rev": "8d243f7da13d6ee32f722a3f1afeced150b6d4da", "type": "github" }, "original": { 
@@ -217,11 +217,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1685790092, - "narHash": "sha256-pnLdV2Q91HjHBupuPtHGqknFDodXqp4hTwZ+NRPJ02g=", + "lastModified": 1690453540, + "narHash": "sha256-UDM0gIZcXbooKE+pTL6xAJgHhGIQxSE3XrD8bz8vv3k=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "c5a7202cd9a49a0ee28e6af07a30d3702d170211", + "rev": "2ea7d10d049e26c9829912da1d16f7f35f5b265d", "type": "github" }, "original": { @@ -268,11 +268,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1684899633, - "narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=", + "lastModified": 1690200740, + "narHash": "sha256-aRkEXGmCbAGcvDcdh/HB3YN+EvoPoxmJMOaqRZmf6vM=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "4cc688ee711159b9bcb5a367be44007934e1a49d", + "rev": "ba9650b14e83b365fb9e731f7d7c803f22d2aecf", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1685655444, - "narHash": "sha256-6EujQNAeaUkWvpEZZcVF8qSfQrNVWFNNGbUJxv/A5a8=", + "lastModified": 1690367991, + "narHash": "sha256-2VwOn1l8y6+cu7zjNE8MgeGJNNz1eat1HwHrINeogFA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e635192892f5abbc2289eaac3a73cdb249abaefd", + "rev": "c9cf0708f00fbe553319258e48ca89ff9a413703", "type": "github" }, "original": { @@ -299,16 +299,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1678872516, - "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", + "lastModified": 1685801374, + "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8", + "rev": "c37ca420157f4abc31e26f436c1145f8951ff373", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-22.11", + "ref": "nixos-23.05", "repo": "nixpkgs", "type": "github" } 
@@ -326,11 +326,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1685361114, - "narHash": "sha256-4RjrlSb+OO+e1nzTExKW58o3WRwVGpXwj97iCta8aj4=", + "lastModified": 1690464206, + "narHash": "sha256-38V4kmOh6ikpfGiAS+Kt2H/TA2DubSqE66veP/jmB4Q=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "ca2fdbf3edda2a38140184da6381d49f8206eaf4", + "rev": "9289996dcac62fd45836db7c07b87d2521eb526d", "type": "github" }, "original": { @@ -406,17 +406,18 @@ "flake": false, "locked": { "host": "gitlab.freedesktop.org", - "lastModified": 1685745220, - "narHash": "sha256-6UY4E0naSxRQv4fcFImV4KcmVm1H+w7oTEKzK489hG4=", + "lastModified": 1690165843, + "narHash": "sha256-gv5kjss6REeQG0BmvK2gTx7jHLRdCnP25po6It6I6N8=", "owner": "wlroots", "repo": "wlroots", - "rev": "52b93f7eb41bd96870c935013fe6d1e36facba5c", + "rev": "e8d545a9770a2473db32e0a0bfa757b05d2af4f3", "type": "gitlab" }, "original": { "host": "gitlab.freedesktop.org", "owner": "wlroots", "repo": "wlroots", + "rev": "e8d545a9770a2473db32e0a0bfa757b05d2af4f3", "type": "gitlab" } }, diff --git a/flake.nix b/flake.nix index ca80fdb..ca30bf5 100644 --- a/flake.nix +++ b/flake.nix @@ -73,6 +73,7 @@ { secretsConfig = { masterIdentities = [./secrets/NIXOSc.key.pub]; + #masterIdentities = [./secrets/NIXOSa.key.pub]; extraEncryptionPubkeys = [./secrets/recipients.txt]; }; diff --git a/hosts/common/core/system.nix b/hosts/common/core/system.nix index 10bcea8..00bbeae 100644 --- a/hosts/common/core/system.nix +++ b/hosts/common/core/system.nix @@ -6,7 +6,7 @@ nodeName, ... }: { - rekey = { + age.rekey = { inherit (inputs.self.secretsConfig) masterIdentities diff --git a/hosts/patricknix/net.nix b/hosts/patricknix/net.nix index 6a53b5f..5e1e8ce 100644 --- a/hosts/patricknix/net.nix +++ b/hosts/patricknix/net.nix 
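Review bot: The commented-out `#masterIdentities = [./secrets/NIXOSa.key.pub];` added to `secretsConfig` in flake.nix does not say when NIXOSa should replace NIXOSc. The master identity is what rekeying of every host secret depends on, so an undocumented toggle is easy to flip incorrectly. If NIXOSa is a fallback key, say so next to it, for example `# fallback identity: enable only when the NIXOSc key is unavailable`. If both keys are meant to be usable, putting both paths in the single `masterIdentities` list would presumably remove the need to edit this line at all. The attribute set around `secretsConfig` begins and ends outside the hunk.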
@@ -33,16 +33,16 @@ dns = ["9.9.9.9"]; }; }; - rekey.secrets.eduroam = { - file = nodePath + "/secrets/iwd/eduroam.8021x.age"; + age.secrets.eduroam = { + rekeyFile = nodePath + "/secrets/iwd/eduroam.8021x.age"; path = "/var/lib/iwd/eduroam.8021x"; }; - rekey.secrets.devoloog = { - file = nodePath + "/secrets/iwd/devolo-og.psk.age"; + age.secrets.devoloog = { + rekeyFile = nodePath + "/secrets/iwd/devolo-og.psk.age"; path = "/var/lib/iwd/devolo-og.psk"; }; - rekey.secrets.kaist = { - file = nodePath + "/secrets/iwd/kaist.8021x.age"; + age.secrets.kaist = { + rekeyFile = nodePath + "/secrets/iwd/kaist.8021x.age"; path = "/var/lib/iwd/Welcome_KAIST.8021x"; }; } diff --git a/hosts/patricknix/smb-mounts.nix b/hosts/patricknix/smb-mounts.nix index 20311ce..487d131 100644 --- a/hosts/patricknix/smb-mounts.nix +++ b/hosts/patricknix/smb-mounts.nix @@ -9,13 +9,13 @@ "x-systemd.idle-timeout=60" "x-systemd.device-timeout=5s" "x-systemd.mount-timeout=5s" - "credentials=${config.rekey.secrets.smb-creds.path}" + "credentials=${config.age.secrets.smb-creds.path}" "uid=${builtins.toString config.users.users.patrick.uid}" "gid=${builtins.toString config.users.groups.patrick.gid}" ]; in { environment.systemPackages = [pkgs.cifs-utils]; - rekey.secrets.smb-creds.file = ../../secrets/smb.cred.age; + age.secrets.smb-creds.rekeyFile = ../../secrets/smb.cred.age; fileSystems = { "/mnt/smb/patri-data" = { device = "//10.0.0.1/patri-data"; diff --git a/hosts/patricknix/wireguard.nix b/hosts/patricknix/wireguard.nix index 8357658..dcae580 100644 --- a/hosts/patricknix/wireguard.nix +++ b/hosts/patricknix/wireguard.nix 
@@ -5,13 +5,13 @@ peer = { endpoint = "lel.lol:51820"; publicKey = "t/jR2/0hxBXG0Ytah2w5RQ1gn94k0/Ku9LYcbRR7pXo="; - presharedKeyFile = config.rekey.secrets.wireguard-pre.path; + presharedKeyFile = config.age.secrets.wireguard-pre.path; }; - privateKeyFile = config.rekey.secrets.wireguard-priv.path; + privateKeyFile = config.age.secrets.wireguard-priv.path; in { - rekey.secrets = { - wireguard-pre.file = ../../secrets/wireguard/elisabeth-pre.wg.age; - wireguard-priv.file = ../../secrets/wireguard/elisabeth-priv.wg.age; + age.secrets = { + wireguard-pre.rekeyFile = ../../secrets/wireguard/elisabeth-pre.wg.age; + wireguard-priv.rekeyFile = ../../secrets/wireguard/elisabeth-priv.wg.age; }; networking.wg-quick.interfaces = { diff --git a/modules/secrets.nix b/modules/secrets.nix index 97aa971..116348d 100644 --- a/modules/secrets.nix +++ b/modules/secrets.nix @@ -8,6 +8,8 @@ inherit (lib) mapAttrs + # Not really unused LSP is confuse + assertMsg types mkOption @@ -65,10 +67,4 @@ in { ''; }; }; - config = { - nix.extraOptions = mkIf cfg.defineRageBuiltins '' - plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins - extra-builtins-file = ${../nix}/extra-builtins.nix - ''; - }; } diff --git a/nix/devshell.nix b/nix/devshell.nix index b19a9fb..1a02ff7 100644 --- a/nix/devshell.nix +++ b/nix/devshell.nix @@ -45,6 +45,21 @@ in package = update-nix-fetchgit; help = "Update fetcher inside nix files"; } + { + # nix plugins is currently build against nix version 2.16 + # official nix version is 2.15 but if we try to load plugins + # it throws linking errors + package = nixVersions.nix_2_16; + } + ]; + env = [ + { + name = "NIX_CONFIG"; + value = '' + plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins + extra-builtins-file = ${../nix}/extra-builtins.nix + ''; + } ]; devshell.startup.pre-commit.text = self.checks.${system}.pre-commit-check.shellHook;
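Review bot: The `NIX_CONFIG` entry added under `env` in nix/devshell.nix applies `plugin-files` and `extra-builtins-file` to every nix command started from this shell, whereas the `config` block removed from modules/secrets.nix set them only behind `mkIf cfg.defineRageBuiltins`. nix-plugins' extra builtins can run external programs during evaluation (extra-builtins.nix itself is not shown here), so that wider scope deserves a comment. If the `defineRageBuiltins` option is still declared outside the hunk, it should be removed or re-wired so it does not become a silent no-op. The hard-coded `nixVersions.nix_2_16` can also drift from the nix that `pkgs.nix-plugins` links against after a lock update; the existing comment could become `# keep in sync with the nix that pkgs.nix-plugins is built against; re-check after every flake.lock bump`. The enclosing list and attribute set start outside the hunk.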